RE: Thinking about Security rules...

["Mendoza Bazan, Luis - (Per)" <luis.mendoza () attla com>]

Hi Rhino,

You are looking for a paper that make a product similar to this:
http://www.esecurityinc.com/main.asp

I hear that this is the best product of this type.

Best Regards

Luis Mendoza

-----Original Message-----
From: Rhino Bond [mailto:rhino007_us () yahoo com]
Sent: Martes, 14 de Mayo de 2002 12:54 p.m.
To: Geoff Galitz; Harvey Newstrom
Cc: Ray Parks; vuln-dev
Subject: Re: Thinking about Security rules...



Folks,

Just to clarify what we are looking for.  We know how
to configure all the seperate parts (routers,
firewalls, IDS, etc.).  We were wondering if anyone
ever wrote a white paper on creating an engine to
automate/manage all the individual parts.  So far I
have found nothing.  This is a Herculian project I
think...  However I want to thank everyone for their
contributions to this tread, they were all very
interesting.

Regards, David

David R. Hawley, CEO ~ CISSP
UNIX & NT NETWORK SECURITY, LLC
1980 16th St. Ste, P-209
Newport Beach, CA 92663
949-645-5932

--- Geoff Galitz <galitz () chem berkeley edu> wrote:
> On Friday, May 10, 2002, at 06:05 PM, Harvey
> Newstrom wrote:
>
> > On Thursday, May 9, 2002, at 03:47 pm, Ray Parks
> wrote:
> > >   Just remember this aphorism - Depth without
> Breadth is useless.
> > >   We engaged in a series of experiments within
> the DARPA IA program in
> > > which we proved that Defense in Depth is an
> over-rated concept.  
> > > Layered
> > > defenses can actually be weaker than single
> defenses because
> > > administrators/developers think that another
> layer is providing the 
> > > defense
> > > they are ignoring.  The results of these
> experiments were recorded in a
> > > paper, unfortunately I don't have a cite at this
> time.
> > >   Bottom line - we were able to get through
> layers of defense in depth
> > > because we could attack each layer in a different
> way.  This allowed
> > > attacks to woogle through to the goal despite
> multiple layers of 
> > > defense.
> >
> > I have seen similar studies long ago relating to
> alarm monitoring.  
> > Items being monitored by multiple people had worse
> response times than 
> > items monitored by a single person!  It turned out
> that people would 
> > frequently be lax and assume that someone else was
> handling it.
> > I have also seen this scenario in help desk or
> message queues.  Some 
> > ringing phones or e-mails would remain unanswered
> for days because 
> > everybody was answering other items and assumed
> the missed item would 
> > be caught by somebody else somewhere.
>
>
> I would point out that the issues cited above are
> issues of
> deployment and internal procedure which are separate
> from
> the network vulnerability issues.   Of course, the
> two are linked,
> but the lesson to take home is that the right answer
> will vary
> between different organizations.  The variables
> include how
> well the security operation runs, is it integrated
> with the general
> IT organization, how responsive are those teams in
> general,
> do they have well-functioning and well-known
> procedures and
> so on...
>
> One size does not fit all.
>
> -geoff
----------------------------------------------------------------------------
------
> Geoff Galitz                               |
> UC Berkeley                             |           
>  D'oh!
> galitz () uclink berkeley edu   |
> http://www.cchem.berkeley.edu/College/unix
> http://www.cchem.berkeley.edu/~galitz


__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com